Source: linux
Version: 3.2.54-2

Hi,

In fs/cifs/file.c's cifs_iovec_write I believe that 'written'[1] can be used while not initialized: it is initialized in the call to CIFSSMBWrite2[2], but that code may not be run whenever cifs_reopen_file fails with any error other than EAGAIN. In that case, it would be used, uninitialized, to check it against 0[4] and then used to modify a series of size_t, ssize_t, loff_t, etc. I have not tried to follow what could actually happen in that case.

From a quick look at cifs_reopen_file it appears that at least EACCES and ENOMEM can be returned.

It would appear that this was fixed in 3.4 with the move to async writes in da82f7e755d2808ba726c9b23267d5bb23980e94.

[1] http://sources.debian.net/src/linux/3.2.54-2/fs/cifs/file.c#L2108
[2] http://sources.debian.net/src/linux/3.2.54-2/fs/cifs/file.c#L2190
[3] http://sources.debian.net/src/linux/3.2.54-2/fs/cifs/file.c#L2183
[4] http://sources.debian.net/src/linux/3.2.54-2/fs/cifs/file.c#L2197

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Archive: https://lists.debian.org/CAA7hUgFxUokzF_aXYFouY5CcpiN=cr48qs8vx__tu-mhtce...@mail.gmail.com
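A constructed C model of the control flow the report describes, added here as an illustration; it is not the kernel's fs/cifs/file.c, and the fake_* stand-ins, struct outcome and the two write_chunk_* functions are hypothetical. The buggy shape leaves 'written' unassigned when reopen fails with an error other than EAGAIN and then reads it; the hardened shape initializes it and returns on error before any counter is touched.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>
/* rc: last error seen; read_uninitialized: 'written' was read before any assignment. */
struct outcome { ssize_t total_written; int rc; bool read_uninitialized; };
/* Stand-ins: reopen returns the rc the test simulates; the write always succeeds. */
static int fake_reopen_file(int simulated_rc) { return simulated_rc; }
static int fake_smb_write(size_t len, unsigned int *w) { *w = (unsigned int)len; return 0; }

/* Shape of the bug: 'written' is assigned only by the write call, but the
 * post-loop code reads it on every path, including the reopen-failure one. */
struct outcome write_chunk_buggy(int reopen_rc, size_t len)
{
    struct outcome o = { 0, 0, false };
    unsigned int written;           /* no initializer, as in the report */
    bool written_assigned = false;  /* instrumentation standing in for a sanitizer */
    int rc;
    do {
        rc = fake_reopen_file(reopen_rc);
        if (rc != 0)
            break;                  /* e.g. -EACCES, -ENOMEM: write never runs */
        rc = fake_smb_write(len, &written);
        written_assigned = true;
    } while (rc == -EAGAIN);
    o.rc = rc;
    /* The "check against 0" happens here; without an assignment it reads garbage. */
    if (!written_assigned) { o.read_uninitialized = true; return o; }
    if (written > 0) o.total_written += written;
    return o;
}

/* Hardened shape: initialize 'written' and leave on any error before using it. */
struct outcome write_chunk_fixed(int reopen_rc, size_t len)
{
    struct outcome o = { 0, 0, false };
    unsigned int written = 0;
    int rc;
    do {
        rc = fake_reopen_file(reopen_rc);
        if (rc != 0)
            break;
        rc = fake_smb_write(len, &written);
    } while (rc == -EAGAIN);
    o.rc = rc;
    if (rc < 0) return o;           /* error path: report rc, counters untouched */
    o.total_written += written;
    return o;
}
```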